The phrase “nature abhors a vacuum” is especially true for plan staff in the absence of AI guidance. One study, “More than Half of Generative AI Adopters Use Unapproved Tools at Work,” found that 55 percent of surveyed employees had used unapproved generative AI tools at work. Even worse, 69 percent of those employees had never received training on how to use generative AI safely and ethically at work.

Clearly, providing no guidance to your employees is not the answer.

Prohibiting the use of AI

Merely deciding not to allow AI use in the workplace is not sufficient. Plans that choose not to allow AI use should carefully develop a policy that specifically prohibits staff from using AI.

The policy should include examples of common AI sites to inform staff about what the policy prohibits. Plans should also have their IT support implement restrictions on website access to AI sites and tools.

Don’t forget your vendors. Incorporate policy requirements in vendor contracts and require vendors to disclose any AI usage. Plans must also require their vendors to maintain the confidentiality and security of sensitive information. Everyone must agree on what data can and cannot be used.

Embracing AI

If you accept the fact that AI is here to stay and decide to incorporate it into the workplace, there are several best-practice steps to take:

• First, get legal involved. Now. You need the help and guidance that only legal can provide. There is simply too much at stake to not take advantage of good counsel.
• Second, educate yourself. Talk to other plans or consultants. You do not need to reinvent this wheel. Many other plans have already implemented this decision. Use the wisdom they gained by going through the process. Then, take it another step to make it your own.
• Third, determine what AI use cases are appropriate for your plan. Examples include real-time AI-augmented analytics, call monitoring and chatbots. But be careful using AI for personnel decisions. Bias concerns are a very real thing, and typically limit AI use for personnel decisions.
• Finally, develop an AI use policy. Consider creating a cross-functional pilot group whose assignment is to become educated and help guide the organization’s policy creation. Evaluate the breadth of a possible AI policy, and keep in mind that “everything” is too broad. Develop the guiding principles that the policy should reflect, including minimizing bias and maximizing security. Prohibit unauthorized use of AI — both the people who cannot use it and the tasks for which it cannot be used. Require authorized users to receive appropriate training, including education regarding AI-related scams. Remember to include vendor requirements in your policy, as well.

Make sure everyone understands the policy

When the policy is complete, you should require all staff to read and affirm their understanding of the AI policy, whether they are authorized users or not.

Your IT support should maintain an inventory of AI uses and audit compliance with the AI usage policy. Again, IT should lock down access to unauthorized AI sites and tools for unauthorized users.

Prepare to keep the policy up to date

Both AI users and non-users need to remember one very important thing about their new AI policy: You cannot just “set it and forget it.”

You need to keep informed as laws, technology and AI tools evolve over time, and modify your policy accordingly. Expect changes to that policy as new issues arise.

Make a choice sooner rather than later

In the wise words of ancient Roman statesman and writer Cicero, “More is lost by indecision than wrong decision. Indecision is the thief of opportunity.” Remember that whichever decision you make for your plan, doing one or the other is infinitely better than sitting back and doing nothing.